Difference between revisions of "UsingKrenew"

From HPC Wiki
Jump to: navigation, search
(Importing text file)
 
(Importing text file)
 
(8 intermediate revisions by one user not shown)
Line 3: Line 3:
 
logging into any AFS client and running the command 'klist.'
 
logging into any AFS client and running the command 'klist.'
  
band-57 guest24>: klist
+
<pre code>
Ticket cache: FILE:/tmp/krb5cc_22967_1Ul1SV
+
somehost-57 user123>: klist
Default principal: guest24@NJIT.EDU
+
Ticket cache: FILE:/tmp/krb5cc_98765_1Ul1SV
 +
Default principal: user123@NJIT.EDU
  
 
Valid starting    Expires            Service principal
 
Valid starting    Expires            Service principal
Line 12: Line 13:
 
02/27/14 11:44:23  02/27/14 19:44:24  afs/cad.njit.edu@NJIT.EDU
 
02/27/14 11:44:23  02/27/14 19:44:24  afs/cad.njit.edu@NJIT.EDU
 
renew until 03/29/14 12:44:23
 
renew until 03/29/14 12:44:23
 +
</pre>
  
 
To see the tokens :
 
To see the tokens :
  
band-58 guest24>: tokens
+
<pre code>
 +
somehost-58 user123>: tokens
  
 
Tokens held by the Cache Manager:
 
Tokens held by the Cache Manager:
  
User's (AFS ID 22967) tokens for afs@cad.njit.edu [Expires Feb 27 19:44]
+
User's (AFS ID 98765) tokens for afs@cad.njit.edu [Expires Feb 27 19:44]
 
   --End of list--
 
   --End of list--
 
+
</pre>
  
 
Note that in the above case, the user logged in at 11:44 the ticket and  
 
Note that in the above case, the user logged in at 11:44 the ticket and  
Line 29: Line 32:
 
The command to automatically renew the Kerberos ticket and AFS token is :
 
The command to automatically renew the Kerberos ticket and AFS token is :
  
 +
<pre code>
 
krenew -b -t -K 60
 
krenew -b -t -K 60
  
-b run the background
+
-b : run the background
-t run aklog to get the AFS token after the ticket is renewed
+
-t : run aklog to get the AFS token after the ticket is renewed
-K 60 wake up every 60 minute and see if the ticket need to be renewed
+
-K 60 : check every 60 minutes and see if the ticket needs to be renewed
 +
</pre>
  
 
Using krenew as above is useful in circumstances such as the following:
 
Using krenew as above is useful in circumstances such as the following:
  
1) Maintain login credentials on a personal workstation
+
* Maintain login credentials on a personal workstation
2) Maintain a vnc or screen session
+
* Maintain a VNC or screen session
  
 
Alternatively,  krenew can take a command as an argument. In this case  
 
Alternatively,  krenew can take a command as an argument. In this case  
 
krenew maintains credentials specific to the command. For example, to  
 
krenew maintains credentials specific to the command. For example, to  
run sftp with krenew --
+
run sftp with krenew :
  
 +
<pre code>
 
krenew -t -K 60 /usr/bin/sftp
 
krenew -t -K 60 /usr/bin/sftp
 +
</pre>
  
 
To run a long running compute job in the background where the output is  
 
To run a long running compute job in the background where the output is  
 
directed to a file, the argument to krenew needs to be a shell followed  
 
directed to a file, the argument to krenew needs to be a shell followed  
by the command --
+
by the command :
 +
 
 +
<pre code>
 +
krenew -t -b -K 60 -- sh -c '/full/path/to/compute-job > /afs/cad/.../output.file'
 +
</pre>
  
krenew -t -b -K 60 -- sh -c '/full/path/to/compute-job > /afs/.../output'
+
[[Category:Running Jobs]]

Latest revision as of 14:44, 3 March 2014

When a user logs into an AFS client, the user gets a "Kerberos ticket". The AFS token is generated from the Kerberos ticket. You can see this by logging into any AFS client and running the command 'klist.'

somehost-57 user123>: klist
Ticket cache: FILE:/tmp/krb5cc_98765_1Ul1SV
Default principal: user123@NJIT.EDU

Valid starting     Expires            Service principal
02/27/14 11:44:23  02/27/14 19:44:24  krbtgt/NJIT.EDU@NJIT.EDU
	renew until 03/29/14 12:44:23
02/27/14 11:44:23  02/27/14 19:44:24  afs/cad.njit.edu@NJIT.EDU
	renew until 03/29/14 12:44:23

To see the tokens :

somehost-58 user123>: tokens

Tokens held by the Cache Manager:

User's (AFS ID 98765) tokens for afs@cad.njit.edu [Expires Feb 27 19:44]
   --End of list--

Note that in the above case, the user logged in at 11:44 the ticket and token expires eight hours later, at 19:44. Also note that the ticket is renewable until the end of March.

The command to automatically renew the Kerberos ticket and AFS token is :

krenew -b -t -K 60

-b  	: run the background
-t  	: run aklog to get the AFS token after the ticket is renewed
-K 60 	: check every 60 minutes and see if the ticket needs to be renewed

Using krenew as above is useful in circumstances such as the following:

  • Maintain login credentials on a personal workstation
  • Maintain a VNC or screen session

Alternatively, krenew can take a command as an argument. In this case krenew maintains credentials specific to the command. For example, to run sftp with krenew :

krenew -t -K 60 /usr/bin/sftp

To run a long running compute job in the background where the output is directed to a file, the argument to krenew needs to be a shell followed by the command :

krenew -t -b -K 60 -- sh -c '/full/path/to/compute-job > /afs/cad/.../output.file'